WP6: Authorization Service Workshop in Eger Marcin Adamski, Michał Chmielewski, Sergiusz Fonrobert, Jarek Nabrzyski and Tomasz Ostwald Poznań Supercomputing.

Presentation transcript:

WP6: Authorization Service Workshop in Eger Marcin Adamski, Michał Chmielewski, Sergiusz Fonrobert, Jarek Nabrzyski and Tomasz Ostwald Poznań Supercomputing and Networking Center

March 31st, 2003

Presentation Overview
- About security in the GridLab Project
- General Design of Authorization Service
- Current implementation status
- Plans for the Eger meeting

Security in GridLab
- Security in Grid environments is a significant and still open problem
- The primary goal of the Security Workpackage in the GridLab project is to create a flexible and universal Authorization Service
- The secondary goal is to provide general support to other workpackages in solving detailed technical problems related to security issues

The Authorization Service
- The main requirement is flexibility of the Authorization Service
- The AS is to provide a universal way of defining security policy for the whole Grid, independent of the technologies used at lower levels
- It should be able to implement most security models for Grids and use many different scenarios at the same time
- It should support many different security technologies (e.g. GSI and Microsoft authentication)
- It has to be a secure and stable implementation (the AS is considered a trusted component of the security model)

The General Design
[Diagram: 1st phase, 2nd phase, 3rd phase]

Current State (1st phase)
[Diagram labels: Core; Core AS Component; Scenarios Engine; Authorization Scenarios; Security Policy Database; Communication Component; Authorization and Security Policy Engine]

Current State
[Diagram labels: Security Policy Engine; Security Policy Database; Authorization Module; Security Policy Manager; ASP Engine Interface; Authorization and Security Policy Engine; Security Policy Database Component]

AS implementation
- Implementation in C
- Compatibility with:
  - Globus Toolkit 2.0
  - Globus Toolkit 2.2
  - CAS version of GT
- Service interface using WSDL
- Source code will be available in CVS after the Eger Meeting

AS communication
- Communication: based on GSI protocol, GSI plugin for gSOAP
- Interface (GSI based protocol) for internal use between AS components; in future may be used to fulfill specific needs of GridLab services
- Interface functions (WSDL):
  - getServiceDescription
  - getResourcesList
  - getAuthorizationDecision
  - sendCommandLine

AS components
- as_server
  - storing security policy
  - get authorization decision, generate policy other security info
- as_client_admin and as_client_admin_soap
  - add security policy items to as_server database
- as_client and as_client_soap
  - get full policy from server and generate proxy with this policy
- as_enabled_tcp_server and client, test_soap_client
  - components for as_server policy tests
- cas_policy_viewer
  - print policy included in proxy

AS data structure (current)

AS data structure (CAS)
[Diagram labels: Subject array "Users"; Subject "User"; Subject Attributes array; Subject Attributes Id_string; Object array "Objects"; Object "cas_object"; Object Attributes array; Object Attribute OBJECT_NAME_TYPE; Object Attribute OBJECT_NAME; Object Attribute SERVICE_TYPE; Object Attribute SERVICE_ACTION; Relation array; Relation]

AS data structure (GRMS)
[Diagram labels: Subject array "Users"; Subject "User"; Subject Attributes array; Subject Attributes Id_string; Object array "Objects"; Object "grms_object"; Object Attributes array; Object Attribute OBJECT_NAME; Object Attribute OBJECT_URL; Relation array; Relation]

AS data structure
- Current state (previous slides): arrays of objects, subjects, relations
- Future: tree structure (hierarchical structure)
  - Grid at the top level
  - Services
  - Servers
  - Files
  - Other objects (based upon specific requirements)
- Currently most of our work is focused on appropriate internal design (gathering requirements is the main goal of the Eger meeting)
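The current-state layout named above (arrays of objects, subjects and relations), sketched as an added C example that is not GridLab source code: it assumes a relation is an explicit grant linking one subject to one object, and it answers a request with default deny. All type and function names (as_subject, as_object, as_relation, as_policy, as_decide) and the sample values are hypothetical; only the attribute names Id_string, OBJECT_NAME, SERVICE_TYPE and SERVICE_ACTION come from the slides.

```c
/* Added illustration, not GridLab source; type and function names are hypothetical. */
#include <stddef.h>
#include <string.h>

enum { AS_DENY = 0, AS_PERMIT = 1 };
typedef struct { const char *id_string; } as_subject;   /* Subject "User": Id_string */
typedef struct {                                         /* Object "cas_object" */
    const char *object_name;     /* OBJECT_NAME */
    const char *service_type;    /* SERVICE_TYPE */
    const char *service_action;  /* SERVICE_ACTION */
} as_object;
typedef struct { size_t subject, object; } as_relation; /* indexes into the two arrays */
typedef struct {
    const as_subject *users;      size_t n_users;
    const as_object *objects;     size_t n_objects;
    const as_relation *relations; size_t n_relations;
} as_policy;

/* Constructed sample policy: Alice may read and write, Bob may only read. */
static const as_subject USERS[] = { { "/O=Grid/OU=Example/CN=Alice" },
                                    { "/O=Grid/OU=Example/CN=Bob" } };
static const as_object OBJECTS[] = { { "gsiftp://host.example/data", "file", "read" },
                                     { "gsiftp://host.example/data", "file", "write" } };
/* The last relation is deliberately dangling (no object 7) and must be ignored. */
static const as_relation RELATIONS[] = { {0, 0}, {0, 1}, {1, 0}, {1, 7} };
static const as_policy SAMPLE = { USERS, 2, OBJECTS, 2, RELATIONS, 4 };

static int same(const char *a, const char *b) { return a && b && strcmp(a, b) == 0; }

/* Default deny: permit only when an explicit relation links this exact
 * subject to an object whose three attributes all match the request. */
int as_decide(const as_policy *p, const char *subject_id,
              const char *name, const char *type, const char *action)
{
    if (!p || !subject_id || !name || !type || !action) return AS_DENY;
    for (size_t i = 0; i < p->n_relations; i++) {
        const as_relation *r = &p->relations[i];
        if (r->subject >= p->n_users || r->object >= p->n_objects)
            continue;                     /* corrupt index: never treat as a grant */
        const as_object *o = &p->objects[r->object];
        if (same(p->users[r->subject].id_string, subject_id) && same(o->object_name, name) &&
            same(o->service_type, type) && same(o->service_action, action))
            return AS_PERMIT;
    }
    return AS_DENY;
}

int main(void) { /* exit status 0 = AS_DENY: Bob holds no write relation */
    return as_decide(&SAMPLE, USERS[1].id_string, OBJECTS[1].object_name, "file", "write");
}
```

Matching is exact on every attribute, so a missing field, an unknown subject or an out-of-range relation index all fall through to deny rather than to a grant.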

AS experiment (CAS mode)

Scenario 1 (similar to CAS)

Scenario 2 (Eger) (GRMS only authorization decision)
[Diagram labels: USER; PORTAL; GRMS; AS; as decision; GRID SERVICES; as enabled module; grid-mapfile]

Scenario 3 (GRMS proxy file)
[Diagram labels: USER; PORTAL; GRMS; AS; as decision; as proxy; GRID SERVICES; as enabled module; grid-mapfile; GRMS proxy certificate (logical part of policy included); user proxy certificate; user certificate; CA certificate]

The Nearest Future
- Experiment aimed at integration of portal with resource manager
- Complete design and implementation of AS internals (fulfilling most of the possible grid-specific requirements)
- Designing and implementing the initial set of scenarios to be used in the GridLab project
- Introduce database support for storing security policy
- Verify security level and quality of implementation

Plans for Eger Meeting
- Gather information about detailed authorization requirements of various services
- Prepare for experiment aimed at integration of portal with resource manager
- Planned meetings:
  - Portals (WP4)
  - Monitoring (WP11)
  - Testbed (WP5)
  - Resource Management (WP9+WP4+WP6)
  - Mobile (WP4+WP12+WP6)
  - Others